30 Jun
2011
30 Jun
'11
10:27 a.m.
On Thu, Jun 30, 2011 at 9:58 AM, Michael Snoyman
Hi all,
* I recently heard that Snap also uses client-side sessions. If this is true, what packages does it use?
We have some prototype stuff that isn't released yet, and I didn't write it so I don't know much about it.
* Can anyone think of a downside to setting HttpOnly on session cookies?
No, especially if they are encrypted. In that case, the only use case
for JS to access them is to steal them.
G
--
Gregory Collins